For those of you who know me, Henry was my basset hound, and the fictitious name used during (ahem) special research. I'm a former intelligence officer, a professional analyst, and a blogger since 2004 writing about my experiences on the journey: information security, cyber intelligence, education, thoughts. Some love my writings, others hate them. If you like it, follow me!

Saturday, July 28, 2012

This week we released Fusion Report 17. FR12-017 details an adversary who is active in the Defense Industrial Base industry sector. The report provides an in-depth analysis of the actor's known TTPs and their flagship malware, to include tailored SNORT signatures and over 140 host and network-based indicators. Also, due to related indicators provided by a member, Red Sky analysts identified high-probability targeting of as many as 22 other non-member companies.

For those Red Sky Alliance members not in the Defense Space, one member's detection just became your prevention. This group has been active for quite some time. We strongly suggest you implement protections from this report immediately.

The addition of FR12-017 was only the beginning of the week. It’s been a bit of a wild ride. I’ve been in Vegas for Blackhat, meeting current members, demo’ing potential members, sitting in talks, supporting associate members (technology partners), and of course, attending a few parties!

Highlights from the week:

Published Fusion Report 17

I spent the brunt of the week at Blackhat while Chris held down the portal, which appeared to be pretty busy! We finalized membership with a couple of new companies, and a few current members enrolled more of their Infosec team members. Chris has been busy this week. He's working the next Fusion Report, training two analysts, and, it appears, slogging through a new, unusual piece of malware.

Blackhat was cool. I did a demo in shorts and a polo sitting on a bench outside of the executive briefings on Tuesday night. During the talk, a current member was walking by and stopped to rave about how much he liked being in the Alliance. Needless to say, we have a new company joining as a direct result of the reviews offered. Thanks Don!

I spent a ton of time with our Associate members. Associate members are vendors who perform analysis in the backend of the Red Sky Portal. LookingGlass and Norman both did a heck of a job. I tried where I could to offer my testimonials to folks coming to their booths, as both provide analytics, and both have strong peer reviews. I hope it helped!

LookingGlass threw a party on Thursday night at a club in the bottom of Aria. Love you guys man, but I’ve got to say, meeting Randy Couture was probably the highlight of my day. Randy is supporting wounded warriors through his own organization, the Xtreme Couture GI Foundation. LookingGlass sold T-Shirts all day and during the party to support Randy's Foundation. At the end of the night they presented them with a check for $10,000. It was a heck of a night. Well done guys. Bravo Zulu!

Last, I’m on my Delta flight from Vegas to Detroit for a layover before heading into Boston. Sitting next to a VP from Qualys. We struck up a great conversation about things we’re both doing (I’m liking the new web application firewall!). When we talked Red Sky, I gave him a quick look at the portal and walked him through the story of an ‘overseas’ hacker using the ISP in the US, and then the ensuing fusion report (having WiFi on the airplane is really sweet!). We’re now LinkedIn, he’s sending me a couple of referrals, and maybe we’ll see Qualys joining the Alliance sometime soon. Who knows! We’ll see!

We’re at 19 companies in the portal today with four more working their way through the membership process. We don’t require cleared facilities, government inspections, or secret spy handshakes. We only require that you pass muster when we ask our Advisory board if you should be admitted, participate, and follow the information handling rules. It’s that simple. Vendors are also welcome as analytic/defender participants. Some really good stuff comes from having vendors in the community. How else will they know what holes they have to fill in their products? Also, having vendors in the portal is a great (GREAT!) way to find out if they can do what they say they can do! They get peer reviewed just like everyone else. So far, so good!

Still not sure about joining? Not a problem. Call us when you’re ready. Quoting Tom Bodett (Motel 6): “We’ll leave the light on for ya!”

I’m heading on vacation starting today. I’m turning off my electronics for the next week. If you need help, please don’t hesitate to reach out to Jim. He’s standing by to take your call!